A model of decoy system based on dynamic attributes for cybercrime investigation

Abstract

The object of research are decoys with dynamic attributes. This paper discusses the impact of decoys involving blockchain technologies on the state of information security of the organization and the process of researching cybercrime. This is important because most cybercrimes are detected after the attacker gains access to sensitive data. Through systematic analysis of the literature focused on assessing the capabilities of decoy and blockchain technologies, this work identifies the main advantages of decoys that utilize blockchain technology. To assess the effectiveness of attacker detection and cybercrime analysis, controlled experiments were conducted using a blockchain-based decoy system that we developed aimed at determining network performance. As part of the study reported here, a technique is proposed to detect cybercrime using decoys based on blockchain technology. This technique is based on the fact that the attributes of the system change dynamically. Such a technique has made it possible to obtain a system model that solves the task of detecting decoys by intruders. In addition, the developed scheme reduces the load in contrast to the conventional fixed solution. The results indicate that the response time of services is significantly reduced in the environment of decoys with dynamic attributes. For example, Nginx's response time in a static host is twice as high as dynamic, and an Apache dynamic server can still respond to an intruder's attack even if a static server fails. Therefore, the results reported in the article give grounds to assert the possibility of using the solution in the infrastructure of information systems at the public and private levels